(57) Abstract: A basic feature of the invention is to rely on an AAA infrastructure to "bootstrap" the HMIPv6 service for a mobile 
node (130) that "roams" in a visited network or the home network. In accordance with a preferred embodiment of the invention, 
bootstrapping the HMIPv6 service involves authenticating and authorizing the mobile node (130) for HMIPv6 service based on an 
AAA infrastructure. In an important scenario, the mobile node is roaming in a visited network, and the AAA infrastructure (110, 120, 
122) links the visited network with the home network of the mobile node. The invention also supports the possibility of having the 
MAP (125) located in the home network or other network than the visited network. The reliance on the AAA infrastructure preferably 
involves transferring HMIPv6-related information required for authenticating and authorizing the mobile node for HMIPv6 service 
over the AAA infrastructure. 

AMENDED CLAIMS 

[received by the International Bureau on 18 November 2004 (18.11.04); 
original claims 1-51 replaced by new claims 1-58 (11 pages)] 

CLAIMS 

1. A method of supporting Hierarchical Mobile IP version 6 (HMIPv6) service 
for a mobile node, characterized by using an AAA infrastructure to bootstrap the 
HMIPv6 service including: 

said AAA infrastructure assigning an appropriate Mobility Anchor Point (MAP) 
to the mobile node for the HMIPv6 service; and 

transferring HMIPv6-related information required for authenticating and 
authorizing the mobile node for the HMIPv6 service with the assigned MAP over said 
AAA infrastructure. 

2. The method of claim 1, characterized in that an AAA server of said AAA 
infrastructure assigns an appropriate MAP to the mobile node for the HMIPv6 service. 

3. The method of claim 2, characterized in that the mobile node is roaming in a 
visited network, and an AAA visited network server (AAAv) assigns a MAP in the 
visited network to the mobile node. 

4. The method of claim 3, characterized in that the AAAv assigns a MAP based 
on a policy of the visited network operator. 

5. The method of claim 3, characterized in that the mobile node sends a MAP 
assignment request to an AAA home network server (AAAh) over the AAA 
infrastructure, and the AAAh forwards the MAP assignment request to the AAA 
visited network server (AAAv), and the AAA home network server generates 
credential-related data for security association between the mobile node and the 
assigned MAP, said credential-related data being transferred from the AAAh to the 
MAP via the AAAv, the AAAh generates information for finalizing the security 
association or the MAP responds with information for finalizing the security 
association to the AAAh via the AAAv, and the AAAh sends HMIPv6 authorization 
information including MAP assignment information, binding address information and 
security association information to the mobile node over the AAA infrastructure. 

6. The method of claim 2, characterized in that an AAA home network server 
(AAAh) assigns a MAP in the home network to the mobile node. 

7. The method of claim 6, characterized in that the AAA home network server 
(AAAh) generates credential-related data for security association between the mobile 
node and the assigned MAP and sends said credential-related data to the MAP, the 
AAAh generates information for finalizing the security association or the MAP 
responds with information for finalizing the security association to the AAAh, and the 
AAAh sends HMIPv6 authorization information including MAP assignment 
information, binding address information and security association information to the 
mobile node over the AAA infrastructure. 

8. The method of claim 1, characterized in that an AAA infrastructure 
component of the home network generates credential-related data for security 
association between the mobile node and the assigned MAP and sends said 
credential-related data to the MAP, the AAA infrastructure home network component 
generates information for finalizing the security association or the MAP responds with 
information for finalizing the security association to the AAA infrastructure home 
network component, which sends HMIPv6 authorization information to the mobile 
node over the AAA infrastructure. 

9. The method of claim 1, characterized in that said HMIPv6-related 
information comprises HMIPv6 authentication, authorization and configuration 
information. 

10. The method of claim 1, characterized by transferring HMIPv6-related 
information over said AAA infrastructure for establishing a HMIPv6 security 
association between the mobile node and the assigned MAP. 

11. The method of claim 10, characterized by transferring HMIPv6-related 
information over said AAA infrastructure for establishing a HMIPv6 binding for the 
mobile node. 

12. The method of claim 11, characterized by transferring HMIPv6-related 
information for HMIPv6 binding in the same round trip as HMIPv6-related 
information for HMIPv6 security association. 

13. The method of claim 1, characterized in that the mobile node is roaming in a 
visited network, and HMIPv6-related authentication and authorization information is 
transferred between the mobile node and an AAA home network server (AAAh) 
within an authentication protocol in an end-to-end procedure transparent to the visited 
network. 

14. The method of claim 13, characterized in that said authentication protocol is 
an extended authentication protocol. 

15. The method of claim 14, characterized in that said extended authentication 
protocol is an extended Extensible Authentication Protocol (EAP), and said 
HMIPv6-related information is incorporated as additional data in the EAP protocol stack. 

16. The method of claim 15, characterized in that said HMIPv6-related 
information is transferred as EAP attributes in the EAP method layer of the EAP 
protocol stack. 

17. The method of claim 15, characterized in that said HMIPv6-related 
information is transferred in a generic container in the EAP protocol stack. 

18. The method of claim 15, characterized in that the extended EAP protocol is 
carried by PANA, PPP or IEEE 802.1X between the mobile node and an AAA client 
in the visited network, and by Diameter or Radius within the AAA infrastructure. 

19. The method of claim 1, characterized in that the assigned MAP is located in 
the home network of the mobile node, and HMIPv6-related information is transferred 
between the mobile node and an AAA home network server (AAAh) within an 
authentication protocol, and HMIPv6-related information is transferred between the 
AAAh and the assigned MAP in a separate session of the authentication protocol or 
within an AAA framework protocol application. 

20. The method of claim 13, characterized in that the assigned MAP is located in 
the visited network, and HMIPv6-related information is transferred between the 
mobile node and the AAA home network server (AAAh) within said authentication 
protocol, and HMIPv6-related information is transferred between the AAAh and the 
assigned MAP in the visited network within an AAA framework protocol application. 

21. The method of claim 20, characterized in that said AAA framework protocol 
application is a Diameter or Radius application adapted for HMIPv6. 

22. The method of claim 1, characterized in that said HMIPv6-related 
information is transferred in an AAA framework protocol application over said AAA 
infrastructure. 

23. The method of claim 22, characterized in that said AAA framework protocol 
application is a Diameter or Radius application adapted for HMIPv6. 

24. The method of claim 1, characterized by simultaneously accommodating 
HMIPv6 and MIPv6 authentication and authorization in the same round trip over said 
AAA infrastructure. 

25. A system for supporting Hierarchical Mobile IP version 6 (HMIPv6) service 
for a mobile node, characterized by: 

an AAA infrastructure component operable for assigning an appropriate Mobility 
Anchor Point (MAP) to the mobile node for the HMIPv6 service; and 

means for transferring HMIPv6-related information required for authenticating 
and authorizing the mobile node for the HMIPv6 service with the assigned MAP over 
said AAA infrastructure. 

26. The system of claim 25, characterized in that said AAA infrastructure 
component is an AAA server that is operable for assigning an appropriate MAP to the 
mobile node for the HMIPv6 service. 

27. The system of claim 26, characterized in that the mobile node is roaming in a 
visited network, and an AAA visited network server (AAAv) is operable for assigning 
a MAP in the visited network to the mobile node. 

28. The system of claim 27, characterized in that the AAAv is operable for 
assigning a MAP based on a policy of the visited network operator. 

29. The system of claim 27, characterized in that an AAA home network server 
(AAAh) comprises: 

means for forwarding a MAP assignment request received over said AAA 
infrastructure from the mobile node to the AAA visited network server (AAAv); 

means for generating credential-related data for security association between 
the mobile node and the assigned MAP; 

means for sending said credential-related data to the assigned MAP via the 
AAAv; 

means for receiving, from the MAP via the AAAv, information for finalizing 
the security association and binding address information; and 

means for sending HMIPv6 authorization information including MAP 
assignment information, binding address information and security association 
information to the mobile node over the AAA infrastructure. 

30. The system of claim 26, characterized in that an AAA home network server 
(AAAh) is operable for assigning a MAP in the home network to the mobile node. 

31. The system of claim 30, characterized in that the AAA home network server 
(AAAh) comprises: 

means for generating credential-related data for security association between 
the mobile node and the assigned MAP; 

means for sending said credential-related data to the assigned MAP; 

means for receiving information from the MAP for finalizing the security 
association and binding address information; 

means for sending HMIPv6 authorization information including MAP 
assignment information, binding address information and security association 
information to the mobile node over the AAA infrastructure. 

32. The system of claim 25, characterized in that an AAA infrastructure 
component of the home network comprises: 

means for generating credential-related data for security association between 
the mobile node and the assigned MAP; and 

means for sending said credential-related data to the assigned MAP; 

means for receiving information from the MAP for finalizing the security 
association; and 

means for sending HMIPv6 authorization information to the mobile node 
over the AAA infrastructure. 

33. The system of claim 25, characterized in that said HMIPv6-related 
information comprises HMIPv6 authentication, authorization and configuration 
information. 

34. The system of claim 25, characterized by means for transferring 
HMIPv6-related information over said AAA infrastructure for establishing a HMIPv6 
security association between the mobile node and the assigned MAP. 

35. The system of claim 34, characterized by means for transferring 
HMIPv6-related information over said AAA infrastructure for establishing a HMIPv6 
binding for the mobile node. 

36. The system of claim 35, characterized by means for transferring 
HMIPv6-related information for HMIPv6 binding in the same round trip as 
HMIPv6-related information for HMIPv6 security association. 

37. The system of claim 25, characterized in that the mobile node is roaming in a 
visited network, and HMIPv6-related authentication and authorization information is 
transferred between the mobile node and an AAA home network server (AAAh) 
within an authentication protocol in an end-to-end procedure transparent to the visited 
network. 

38. The system of claim 37, characterized in that said authentication protocol is 
an extended authentication protocol. 

39. The system of claim 38, characterized in that said extended authentication 
protocol is an extended Extensible Authentication Protocol (EAP), and said 
HMIPv6-related information is incorporated as additional data in the EAP protocol stack. 

40. The system of claim 39, characterized in that said HMIPv6-related 
information is transferred as EAP attributes in the EAP method layer of the EAP 
protocol stack. 

41. The system of claim 39, characterized in that said HMIPv6-related 
information is transferred in a generic container in the EAP protocol stack. 

42. The system of claim 39, characterized in that the extended EAP protocol is 
carried by PANA, PPP or IEEE 802.1X between the mobile node and an AAA client 
in the visited network, and by Diameter or Radius within the AAA infrastructure. 

43. The system of claim 25, characterized in that the assigned MAP is located in 
the home network, and HMIPv6-related information is transferred between the mobile 
node and an AAA home network server (AAAh) within an authentication protocol, 
and HMIPv6-related information is transferred between the AAAh and the MAP in a 
separate session of the authentication protocol or within an AAA framework protocol 
application. 

44. The system of claim 37, characterized in that the assigned MAP is located in 
the visited network, and HMIPv6-related information is transferred between the 
mobile node and an AAA home network server (AAAh) within said authentication 
protocol, and HMIPv6-related information is transferred between the AAAh and the 
assigned MAP in the visited network within an AAA framework protocol application. 

45. The system of claim 44, characterized in that said AAA framework protocol 
application is a Diameter or Radius application adapted for HMIPv6. 

46. The system of claim 25, characterized in that said HMIPv6-related 
information is transferred in an AAA framework protocol application over said AAA 
infrastructure. 

47. The system of claim 46, characterized in that said AAA framework protocol 
application is a Diameter or Radius application adapted for HMIPv6. 

48. The system of claim 25, characterized by means for simultaneously 
accommodating HMIPv6 and MIPv6 authentication and authorization in the same 
round trip over said AAA infrastructure. 

49. An AAA server for supporting Hierarchical Mobile IP version 6 (HMIPv6) 
service for a mobile node, characterized by means for assigning an appropriate 
Mobility Anchor Point (MAP) to the mobile node for the HMIPv6 service. 

50. The AAA server of claim 49, characterized in that the mobile node is 
roaming in a visited network, and said AAA server is an AAA visited network server 
(AAAv) operable for assigning a MAP in the visited network. 

51. The AAA server of claim 50, characterized in that said AAAv is operable for 
assigning a MAP based on a policy of the visited network operator. 

52. The AAA server of claim 49, characterized in that said AAA server is an 
AAA home network server (AAAh) operable for assigning a MAP in the home 
network of the mobile node. 

53. The AAA server of claim 49, characterized in that said MAP assigning means 
operates in response to a MAP assignment request initiated from the mobile node. 

54. The AAA server of claim 49, characterized in that said MAP assigning 
means is operable for performing network-initiated MAP assignment. 

55. An AAA home network server (AAAh) for supporting Hierarchical Mobile 
IP version 6 (HMIPv6) service for a mobile node, characterized by: 

means for generating credential-related data for security association between 
the mobile node and a Mobility Anchor Point (MAP) assigned by an AAA 
infrastructure component; and 

means for sending said credential-related data to the assigned MAP; 

means for receiving information from the MAP for finalizing the security 
association; and 

means for sending HMIPv6 authorization information including security 
association information to the mobile node. 

56. The AAA home network server of claim 55, characterized in that said mobile 
node is roaming in a visited network, and said means for sending HMIPv6 
authorization information is operable for sending the information over an AAA 
infrastructure linking the visited network with the home network of the mobile node. 

57. The AAA home network server of claim 56, characterized in that said AAA 
home network server is configured for receiving, from the assigned MAP, information 
for finalizing the security association as well as binding address information, and said 
means for sending HMIPv6 authorization information over the AAA infrastructure is 
configured for sending HMIPv6 authorization information including MAP assignment 
information, binding address information and security association information to the 
mobile node. 

58. A system for supporting Hierarchical Mobile IP version 6 (HMIPv6) service 
for a mobile node, characterized by means for transferring HMIPv6-related 
authentication and authorization information in an Extensible Authentication Protocol 
(EAP) between the mobile node and an AAA home network server over an AAA 
infrastructure for authenticating and authorizing the mobile node for HMIPv6 service, 
said HMIPv6-related information being incorporated as additional data in the EAP 
protocol stack. 